Bug Description

Binary package hint: language-selector

Hello,

The actual polkit authentification in the language-selector dbus backend can be easily bypassed.
Steps to reproduce:
1) download ls-dbus-polkit-bypass.py
2) from a terminal ./ls-dbus-polkit-bypass.py de_DE.UTF-8
3) when the polkit agent ask you the password just click "cancel"
3) log you from tty1
4) exec "locale"

LANG has been changed anyway, it should don't... (a root function has been executed bypassing system policy)
Also, SetSystemDefaultLanguageEnv and SetSystemDefaultLangEnv do not check input arguments, so we can perform code injection in root !

This affects maverick and natty. language-selector in <= lucid doesn't use policykit.

I don't think it's easily possible to verify if the language is installed on the system (for example LANGUAGE can contain multiple ":" seperated languages).
Instead it should only make sure that one cannot inject shell commands.
This regex should do that: ^[\w\.\-@:]+$